I create a web browser in python3 with pygobject (gtk3 and webkit2) and I want create a home page include google. I create a html file with a iframe but I see the error :
Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
How I can set X-Frame-Options ? All the solution in the web is a configuration in a local serveur but I don't have local serveur.
Here is my home page
<!DOCTYPE html>
<html>
<head>
<title>(Nouvelle page)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<iframe src="https://www.google.com/"></iframe>
</body>
</html>
This is not something you can fix locally, unfortunately.
There is a similar question here: https://stackoverflow.com/a/8700754/2773979
The problem isn't that your page is missing that header, it is that Google sets this header precisely to prevent people from embedding the site into an iframe. Browsers comply to this by refusing to load/display the content of the iframe.
Note that there are solutions, like proxying the google page, but those are probably against the terms of service.
Related
Below Given is my code from which I am trying to print pdf file.
<!DOCTYPE html>
<html>
<head>
<title></title>
<script type="text/javascript" src="print.min.js"></script>
<link rel="stylesheet" type="text/css" href="print.min.css">
</head>
<body>
<script type="text/javascript">
function sample(){
printJS({
printable: "test.pdf",
type: "pdf",
});
}
</script>
<button onclick="sample()">Click Me</button>
</body>
</html>
but it is not working and diving below error on chrome console
Access to XMLHttpRequest at 'file:///test.pdf' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https.
I am following all the rules said in documentation of Print-js. my {.pdf} file and {.html} file are in same folder. It is Working Fine with {.jpg} File.
Please help me.
I am sharing link of the script I have included in my head tag
JS:- https://printjs-4de6.kxcdn.com/print.min.js
CSS:- https://printjs-4de6.kxcdn.com/print.min.css
It was the problem regarding "Cross origin requests". To solve this you need to start your local server. in my case I started Xampp and moved my files to htdocs folder and BOOM it worked.. I Still dont know why it was working for images and not for pdfs.
HERE IS THE ANSWER ON STACK-OVERFLOW THAT HELPED ME.
https://stackoverflow.com/a/20578692/10333164
I'm trying to embed a page whose Content Security Policy does not seem to be respected in Safari, but does works in Chrome, Firefox, Edge, Brave. The embed looks like this:
<iframe src="https://cloudflare-ipfs.com/ipfs/QmUiDhFZeFnJvHgxGbwPucT8kyZvAzBsFFA12vPNxfsP6u/" sandbox="allow-scripts" />
The embedded page looks like this, and contains a CSP meta tag:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline';">
<title>test</title>
<meta charset="utf-8">
</head>
<body>
<script src="test.js"></script>
</body>
</html>
The CSP should dictate that the page can load resources from its own origin, as well as inline scripts. However, when I try to load the iframe in Safari, I get an error claiming the path to the script does not match the default-src directive:
Refused to load https://cloudflare-ipfs.com/ipfs/QmUiDhFZeFnJvHgxGbwPucT8kyZvAzBsFFA12vPNxfsP6u/test.js because it appears in neither the script-src directive nor the default-src directive of the Content Security Policy.
The response headers for the embedded page look like this:
headers
Here is a simple jsfiddle demostrating the issue: https://jsfiddle.net/4hLdygm9/1/
Thanks in advance!
UPDATE:
Have open an issue on the Webkit Bugzilla and has been confirmed to be a bug:
https://bugs.webkit.org/show_bug.cgi?id=223848
I have a custom HTML file set up for B2C's sign in / sign up user flow that looks like this:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/sign_up.css">
<title>My Sign up</title>
</head>
<body>
<div id="api">
</div>
</body>
</html>
I've hosted this in my web app service and placed the url into the Custom Page URI field in the flow. Screenshot here.
However, when I hit "Run User Flow" the default Microsoft selfAsserted page is still loaded. Is there anything that would cause this to happen?
To clarify: I have hit save after entering the URI and the Custom Page column says "Yes" for Local account sign up page.
You should check again, make sure the custom page status is Yes. But in your screenshot, the status is No for the custom page.
It turned out to be a CORS issue. Adding https://<resourcegroup>.b2clogin.com to my app service's CORS whitelist resolved the problem.
I'm trying to use an SVG file in an IMG tag. In my local environment works, but when pushing to the server it doesn't. I assume I have an issue with the type of document served, but can't figure how to fix it. Here's the code that loads the SVG:
<img src="images/icon-reputation.svg" />
Here's my DOCTYPE and header info:
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="user-scalable=yes, width=device-width, initial-scale=1.0, maximum-scale=1.0" />
<title>SVG</title>
</head>
Any clues? Thanks.
Make sure your web server is serving the SVG files with the correct ContentType. You can check what the type is by looking in the Net/Network section of your (desktop) browser developer tools.
The way you configure the server depends on the server of course. But, for example, for apache it is:
AddType image/svg+xml svg
I added this code to the head but when I try to post something about a website inside a Facebook page, the image that I specified is still not showing up as an option. I'm using wordpress as a CMS. Any ideas why?
<meta content="something" name="title">
<meta content="something="og:description">
<link href="thumbnail.jpeg" rel="image_src">
Try using the Facebook Debugger to pin-point the issue.
Sometimes there is a caching issue and feeding your URL through this tool forces Facebook to scrape your URL again hence refreshing the cached og:tags
Further more your og:tags should look more like this :
<meta property="og:title" content="The Rock"/>
<meta property="og:type" content="movie"/>
Notice the property attribute and not the content attribute that you (possibly) used. The correct syntax is available at this link : http://ogp.me/